Last week, three interesting vulnerabilities popped up on the news and security feeds. Researchers disclosed CVE-2017-5753 and CVE-2017-5715, collectively known as Spectre, and CVE-2017-5754, known as Meltdown. These vulnerabilities take advantage of “speculative execution” of instructions performed by many modern microprocessors and can potentially allow an unprivileged attacker to read privileged memory allocated to the operating system kernel, resulting in unintended information disclosure.

In order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Trend Micro’s TippingPoint devices are closed systems that only allow our trusted code to be executed. The underlying CPU and OS combination in the TippingPoint devices may be affected by these vulnerabilities; however, because our systems are closed with an inability to run arbitrary code, there is no vector to exploit. As of the writing of this blog, there are no known attacks that impact TippingPoint products. Our team will continue to monitor the situation and inform our customers of any updates.

On January 5, 2018, we released DV filter 30191 outside of our normal schedule to provide protection against a published remote JavaScript exploit of the Spectre vulnerability. Our team will continue to monitor the situation and will release additional filters as needed. Customers with concerns or further questions can contact the Trend Micro TippingPoint Technical Assistance Center (TAC). If you have other Trend Micro solutions, you can visit Trend Micro Business Support to get additional information.

TippingPoint Product Updates

Earlier this week, we published the following releases for TippingPoint products:

Security Management System (SMS) Patches

The following patches include minor enhancements and bug fixes, and address security issues:

| SMS Version | Patch | Software |
|---|---|---|
| SMS v4.4.0 | 2 | SMS_Patch-4.4.0.57192.2.pkg |
| SMS v4.5.0 | 1 | SMS_Patch-4.5.0.98012.1.pkg |
| SMS v4.6.0 | 1 | SMS_Patch-4.6.0.101914.1.pkg |
| SMS v5.0.0 | 1 | SMS_Patch-5.0.0.106258.1.pkg |

TippingPoint Operating System (TOS) v5.0.1 for Threat Protection System (TPS)

Version 5.0.1 build 4821 has been released for the TPS family (vTPS, 440T, 2200T, 8200TX, 8400TX) of devices.

TOS version 5.0.1.4821 will be released to manufacturing on March 31, 2018. All TPS family hardware appliances (440T, 2200T, 8200TX, 8400TX) will be manufactured with 5.0.1.4821 as of January 9, 2018. This TOS release improves the overall security of the TPS and vTPS security devices and resolves a number of issues.

For the complete list of enhancements and changes, customers can refer to the product release notes located on the Threat Management Center (TMC) website or contact the TippingPoint Technical Assistance Center (TAC) for questions or technical assistance.

Microsoft Updates

Due to the Meltdown and Spectre vulnerabilities, Microsoft issued an out-of-band update. The following table maps Digital Vaccine filters to the Microsoft updates issued on January 3, 2018:

| CVE # | Digital Vaccine Filter # | Status |
|---|---|---|
| CVE-2018-0741 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0743 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0744 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0745 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0746 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0747 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0748 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0749 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0750 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0751 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0752 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0753 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0754 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0758 | 30160 | |
| CVE-2018-0762 | 30167 | |
| CVE-2018-0766 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0767 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0768 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0769 | 30168 | |
| CVE-2018-0770 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0772 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0773 | 30169 | |
| CVE-2018-0774 | 30185 | |
| CVE-2018-0775 | 30186 | |
| CVE-2018-0776 | 30164 | |
| CVE-2018-0777 | 30162 | |
| CVE-2018-0778 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0780 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0781 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0788 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0800 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0803 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0818 | | Vendor Deemed Reproducibility or Exploitation Unlikely |

This week’s Digital Vaccine® (DV) package includes coverage for Microsoft updates released on or before January 9, 2018. Security patches were released by Microsoft covering Internet Explorer (IE), Microsoft Edge, ChakraCore, Microsoft Windows, Microsoft Office, ASP.NET, and the .NET Framework. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ January 2018 Security Update Review from the Zero Day Initiative:

| CVE # | Digital Vaccine Filter # | Status |
|---|---|---|
| CVE-2018-0764 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0784 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0785 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0786 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0789 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0790 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0791 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0792 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0793 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0794 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0795 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0796 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0797 | 30163 | |
| CVE-2018-0798 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0799 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0801 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0802 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0804 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0805 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0806 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0807 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0812 | | Vendor Deemed Reproducibility or Exploitation Unlikely |
| CVE-2018-0819 | | Vendor Deemed Reproducibility or Exploitation Unlikely |

Adobe Security Update

This week’s Digital Vaccine® (DV) package also includes coverage for Adobe updates released on or before January 9, 2018. The following table maps Digital Vaccine filters to the Adobe updates.

| Bulletin # | CVE # | Digital Vaccine Filter # | Status |
|---|---|---|---|
| APSB18-01 | CVE-2018-4871 | 30201 | |

Zero-Day Filters

There are five new zero-day filters covering one vendor in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update the specific filter deployment recommendation, increase filter accuracy, and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.